Now, more than ever, water companies need to consider how they would deliver their critical services in the event of a major cyber disruption. Greater automation, data hacking and more sophisticated cyber threat groups are all increasing the vigilance that is required. There has already been an attack where chemical controls within a treatment works were compromised.
Water companies must focus on prevention and, should such threats arise, be ready to address early intervention, how services will be redressed, how control of operations can be regained, and how long to get critical services up and running.
With the UK PR19 results and during the AMP 7 period we expect to see greater automation within water companies operations. This also requires sufficient contingency plans for business continuity in the light of an attack. Cybercrime has no borders, whether the reason is political, terrorist or mischief.
The ResearchGate report "A Review of Cybersecurity Incidents in the Water Sector" lists 15 incidents between 2000 and 2019 with varying impacts, from discharging millions of gallons of sewerage into the environment in Australia to sophisticated ransomware attacks in the US. An observable trend is the earlier attacks were mostly conducted by disaffected former employees, while the later ones are increasingly perpetrated by criminal hacktivist groups; this could easily happen in the UK.
Hostile actors including foreign states, criminals, "hacktivist" groups and terrorists conducting cyber espionage could all target water supplies. These organisations are continually evolving their capabilities, and it is essential water companies meet this by evolving their own protection strategies. Ofwat in realising this has made cybersecurity a component of the resilient supply network requirement in AMP 7.
The cyber-attack surface is expanding, especially where use of digital networks in Smart Water is transforming the operational technology systems that support water supply and wastewater networks. Providing the essential protective security requires a variety of measures to detect, deter and delay any potential attack. Cybersecurity policy, process and protection techniques should form the mainstay of any multi-layered security approach.
These key elements, supported by consistent monitoring, analysis and response, maintain control of ongoing threat detection and vulnerability management. Trust boundaries in the supporting communications networks must also be carefully analysed and managed to avoid leaving gaps in the network’s protection.
Various communication technologies are being adopted to support Smart Water such as Public LTE-NB, Private LTE-NB, LoRaWan and proprietary network providers. All have differing security profiles that need to be carefully assessed, and appropriate security measures put in place, before their adoption.
IOT devices, including sensors with onboard intelligence connected to the OT network, need special consideration, particularly when installed in remote, hard-to-protect locations. This will need both physical protection and firmware upgrade strategies to ensure they do not become a backdoor into the network.
DXC brings a depth of experience and skills to provide and develop the most suitable defense for this evolving environment. Having previously worked with smart systems definition and operations, our security teams provide a multi-layered cybersecurity approach. We have strength and depth in all elements of cybersecurity and third-party management, supported by technical security experts, cyber consultants, security architects and cyber analysis specialists, who are certified in the management and operation of threat protection devices and security controls such as NCSC cybersecurity essentials and the NIST Cybersecurity Framework (CSF) frameworks.
We provide a full range of security capabilities supporting confidentiality, integrity and availability through services such as authentication, control of access via digital identity, managed security services, hardware and software operations and service support capabilities. We understand the demands across IT and OT interoperability and the importance of achieving the full value of end-to-end service integration while managing the risk of such interfaces.
DXC provides integrated Security Operations Center (SOC) systems with 24x7 security incident and event management (SIEM) capabilities to effectively monitor security event collecting, correlation and analysis linked to prioritised incident response. This is enhanced by our partnership with very specialised operational technology and control systems defenders who can handle the evolving communications protocols.
DXC has proven, extensive experience securing critical national infrastructure and operational technology across many industries including energy, utilities, aerospace and defense. We understand the demand and necessity to maintain critical operations and keep people safe.
Learn more about protecting critical infrastructure with DXC Security services.